mirror of
https://github.com/3proxy/3proxy.git
synced 2026-07-16 17:30:11 +08:00
wolfSSL support added
This commit is contained in:
parent
3a66c0a4c0
commit
f173f8860d
4
.github/workflows/build-win32.yml
vendored
4
.github/workflows/build-win32.yml
vendored
@ -28,7 +28,7 @@ jobs:
|
||||
echo "VERSION=/D `"VERSION=\`"3proxy-$RELEASE\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
|
||||
echo "BUILDDATE=/D `"BUILDDATE=\`"$NOW\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
|
||||
- name: install packages
|
||||
run: vcpkg install pcre2:x86-windows-static openssl:x86-windows-static
|
||||
run: vcpkg install pcre2:x86-windows-static wolfssl[opensslcompat]:x86-windows-static
|
||||
- name: Add msbuild to PATH
|
||||
uses: microsoft/setup-msbuild@v3
|
||||
- name: make Windows MSVC
|
||||
@ -41,7 +41,7 @@ jobs:
|
||||
set "LIB=%LIB%;c:/vcpkg/installed/x86-windows-static/lib"
|
||||
set "INCLUDE=%INCLUDE%;c:/vcpkg/installed/x86-windows-static/include"
|
||||
echo "volatile char VerSion[]=^"3APA3A-3proxy-Internal-Build: 3proxy-%RELEASE%-%NOW%\r\nCode certificate: https://3proxy.org/3proxy.cer\r\n^";" >>src/3proxy.c
|
||||
nmake /F Makefile.msvc
|
||||
nmake /F Makefile.msvc WOLFSSL=1
|
||||
- name: Decode Certificate
|
||||
shell: pwsh
|
||||
run: |
|
||||
|
||||
4
.github/workflows/build-win64.yml
vendored
4
.github/workflows/build-win64.yml
vendored
@ -29,7 +29,7 @@ jobs:
|
||||
echo "VERSION=/D `"VERSION=\`"3proxy-$RELEASE\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
|
||||
echo "BUILDDATE=/D `"BUILDDATE=\`"$NOW\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
|
||||
- name: install packages
|
||||
run: vcpkg install pcre2:x64-windows-static openssl:x64-windows-static
|
||||
run: vcpkg install pcre2:x64-windows-static wolfssl[opensslcompat]:x64-windows-static
|
||||
- name: Add msbuild to PATH
|
||||
uses: microsoft/setup-msbuild@v3
|
||||
- name: make Windows MSVC
|
||||
@ -42,7 +42,7 @@ jobs:
|
||||
set "INCLUDE=%INCLUDE%;c:/vcpkg/installed/x64-windows-static/include"
|
||||
echo "volatile char VerSion[]=^"3APA3A-3proxy-Internal-Build: 3proxy-%RELEASE%-%NOW%\r\nCode certificate: https://3proxy.org/3proxy.cer\r\n^";" >>src/3proxy.c
|
||||
echo %NOW% / %RELEASE% / %BUILDDATE% / %VERSION%
|
||||
nmake /F Makefile.msvc
|
||||
nmake /F Makefile.msvc WOLFSSL=1
|
||||
- name: Decode Certificate
|
||||
shell: pwsh
|
||||
run: |
|
||||
|
||||
4
.github/workflows/build-winarm64.yml
vendored
4
.github/workflows/build-winarm64.yml
vendored
@ -28,7 +28,7 @@ jobs:
|
||||
echo "VERSION=/D `"VERSION=\`"3proxy-$RELEASE\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
|
||||
echo "BUILDDATE=/D `"BUILDDATE=\`"$NOW\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
|
||||
- name: install packages
|
||||
run: vcpkg install pcre2:arm64-windows-static openssl:arm64-windows-static
|
||||
run: vcpkg install pcre2:arm64-windows-static wolfssl[opensslcompat]:arm64-windows-static
|
||||
- name: Add msbuild to PATH
|
||||
uses: microsoft/setup-msbuild@v3
|
||||
- name: make Windows MSVC
|
||||
@ -41,7 +41,7 @@ jobs:
|
||||
set "LIB=%LIB%;c:/vcpkg/installed/arm64-windows-static/lib"
|
||||
set "INCLUDE=%INCLUDE%;c:/vcpkg/installed/arm64-windows-static/include"
|
||||
echo "volatile char VerSion[]=^"3APA3A-3proxy-Internal-Build: 3proxy-%RELEASE%-%NOW%\r\nCode certificate: https://3proxy.org/3proxy.cer\r\n^";" >>src/3proxy.c
|
||||
nmake /F Makefile.msvc
|
||||
nmake /F Makefile.msvc WOLFSSL=1
|
||||
- name: Decode Certificate
|
||||
shell: pwsh
|
||||
run: |
|
||||
|
||||
8
.github/workflows/c-cpp-Windows.yml
vendored
8
.github/workflows/c-cpp-Windows.yml
vendored
@ -21,7 +21,7 @@ jobs:
|
||||
steps:
|
||||
- uses: actions/checkout@v7
|
||||
- name: install Windows libraries
|
||||
run: vcpkg install pcre2:x64-windows && c:\msys64\usr\bin\pacman.exe -S --noconfirm mingw-w64-x86_64-pcre2 mingw-w64-x86_64-openssl
|
||||
run: vcpkg install pcre2:x64-windows wolfssl[opensslcompat]:x64-windows-static && c:\msys64\usr\bin\pacman.exe -S --noconfirm mingw-w64-x86_64-pcre2 mingw-w64-x86_64-wolfssl
|
||||
- name: make Windows
|
||||
run: make -f Makefile.win
|
||||
env:
|
||||
@ -37,7 +37,7 @@ jobs:
|
||||
call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
|
||||
D:
|
||||
cd "D:/a/3proxy/3proxy"
|
||||
set "LIB=%LIB%;c:/program files/openssl/lib/VC/x64/MT;c:/vcpkg/installed/x64-windows/lib"
|
||||
set "INCLUDE=%INCLUDE%;c:/program files/openssl/include;c:/vcpkg/installed/x64-windows/include"
|
||||
nmake /F Makefile.msvc
|
||||
set "LIB=%LIB%;c:/vcpkg/installed/x64-windows-static/lib;c:/vcpkg/installed/x64-windows/lib"
|
||||
set "INCLUDE=%INCLUDE%;c:/vcpkg/installed/x64-windows-static/include;c:/vcpkg/installed/x64-windows/include"
|
||||
nmake /F Makefile.msvc WOLFSSL=1
|
||||
nmake /F Makefile.msvc clean
|
||||
|
||||
15
.github/workflows/c-cpp-cmake.yml
vendored
15
.github/workflows/c-cpp-cmake.yml
vendored
@ -57,3 +57,18 @@ jobs:
|
||||
cmake --build .
|
||||
cd ..
|
||||
rmdir /s /q build
|
||||
|
||||
wolfssl:
|
||||
name: "ubuntu-latest (wolfSSL)"
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v7
|
||||
- name: Install wolfSSL
|
||||
run: sudo apt install -y libwolfssl-dev
|
||||
- name: make with CMake (wolfSSL preferred)
|
||||
run: |
|
||||
mkdir build
|
||||
cd build
|
||||
cmake ..
|
||||
cmake --build .
|
||||
cd .. && rm -rf build/
|
||||
|
||||
123
CMakeLists.txt
123
CMakeLists.txt
@ -46,7 +46,8 @@ endif()
|
||||
|
||||
# Options
|
||||
option(3PROXY_BUILD_SHARED "Build shared libraries for plugins" ON)
|
||||
option(3PROXY_USE_OPENSSL "Enable TLS/SSL support (requires OpenSSL)" ON)
|
||||
option(3PROXY_USE_WOLFSSL "Enable TLS/SSL support via wolfSSL (preferred when detected)" ON)
|
||||
option(3PROXY_USE_OPENSSL "Enable TLS/SSL support via OpenSSL (fallback when wolfSSL unavailable)" ON)
|
||||
option(3PROXY_USE_PCRE2 "Enable PCRE2 regex filtering" ON)
|
||||
option(3PROXY_USE_PAM "Enable PAM/PamAuth" ON)
|
||||
option(3PROXY_USE_ODBC "Enable ODBC support (Unix only, always ON on Windows)" OFF)
|
||||
@ -253,17 +254,38 @@ endif()
|
||||
|
||||
# Find dependencies
|
||||
|
||||
# OpenSSL
|
||||
# TLS/SSL backend: prefer wolfSSL when detected, fall back to OpenSSL.
|
||||
set(3PROXY_SSL_ENABLED FALSE)
|
||||
set(3PROXY_SSL_WOLFSSL FALSE)
|
||||
set(OPENSSL_FOUND FALSE)
|
||||
if(3PROXY_USE_OPENSSL)
|
||||
set(WOLFSSL_FOUND FALSE)
|
||||
|
||||
if(3PROXY_USE_WOLFSSL)
|
||||
find_path(WOLFSSL_INCLUDE_DIR NAMES wolfssl/options.h wolfssl/ssl.h)
|
||||
find_library(WOLFSSL_LIBRARIES NAMES wolfssl)
|
||||
if(WOLFSSL_INCLUDE_DIR AND WOLFSSL_LIBRARIES)
|
||||
set(WOLFSSL_FOUND TRUE)
|
||||
set(3PROXY_SSL_ENABLED TRUE)
|
||||
set(3PROXY_SSL_WOLFSSL TRUE)
|
||||
add_compile_definitions(WITH_SSL WITH_WOLFSSL)
|
||||
message(STATUS "wolfSSL found: ${WOLFSSL_LIBRARIES} (preferred backend)")
|
||||
else()
|
||||
message(STATUS "wolfSSL not found, falling back to OpenSSL if enabled")
|
||||
endif()
|
||||
endif()
|
||||
|
||||
if(NOT 3PROXY_SSL_ENABLED AND 3PROXY_USE_OPENSSL)
|
||||
find_package(OpenSSL REQUIRED)
|
||||
if(OpenSSL_FOUND)
|
||||
set(OPENSSL_FOUND TRUE)
|
||||
set(3PROXY_SSL_ENABLED TRUE)
|
||||
add_compile_definitions(WITH_SSL)
|
||||
message(STATUS "OpenSSL found: ${OPENSSL_VERSION}")
|
||||
endif()
|
||||
else()
|
||||
message(STATUS "OpenSSL disabled by user request")
|
||||
elseif(NOT 3PROXY_SSL_ENABLED)
|
||||
message(STATUS "SSL disabled (neither wolfSSL nor OpenSSL enabled/found)")
|
||||
elseif(3PROXY_SSL_WOLFSSL)
|
||||
message(STATUS "OpenSSL skipped (wolfSSL in use)")
|
||||
endif()
|
||||
|
||||
# PCRE2
|
||||
@ -305,8 +327,9 @@ if(ODBC_FOUND)
|
||||
add_compile_definitions(WITH_ODBC)
|
||||
endif()
|
||||
|
||||
# Set NORADIUS if OpenSSL is not available (RADIUS requires MD5 from OpenSSL)
|
||||
if(NOT OPENSSL_FOUND)
|
||||
# Set NORADIUS if no SSL backend is available (RADIUS MD5 uses bundled md5, but
|
||||
# keep the historical gate tied to SSL availability).
|
||||
if(NOT 3PROXY_SSL_ENABLED)
|
||||
add_compile_definitions(NORADIUS)
|
||||
endif()
|
||||
|
||||
@ -328,10 +351,15 @@ set(3PROXY_CORE_SOURCES
|
||||
src/stringtable.c
|
||||
)
|
||||
|
||||
# BLAKE2 source for 3proxy_crypt
|
||||
# BLAKE2 source for 3proxy_crypt (bundled reference impl; wolfSSL provides
|
||||
# BLAKE2b natively via wc_Blake2b* when WITH_WOLFSSL is enabled)
|
||||
if(3PROXY_SSL_WOLFSSL)
|
||||
set(MD_SOURCES)
|
||||
else()
|
||||
set(MD_SOURCES
|
||||
src/libs/blake2b-ref.c
|
||||
)
|
||||
endif()
|
||||
|
||||
# ============================================================================
|
||||
# Object libraries for common sources (shared between executables)
|
||||
@ -350,13 +378,19 @@ target_include_directories(common_obj PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src)
|
||||
add_library(base64_obj OBJECT src/base64.c)
|
||||
target_include_directories(base64_obj PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src)
|
||||
|
||||
# mdhash object library (MD4/MD5: CAPI on Windows, bundled Solar Designer MD4/MD5 elsewhere)
|
||||
# mdhash object library (MD4/MD5: CAPI on Windows, bundled Solar Designer MD4/MD5 elsewhere,
|
||||
# wolfSSL when WITH_WOLFSSL is enabled)
|
||||
if(WIN32)
|
||||
add_library(mdhash_obj OBJECT src/mdhash.c)
|
||||
elseif(3PROXY_SSL_WOLFSSL)
|
||||
add_library(mdhash_obj OBJECT src/mdhash.c)
|
||||
else()
|
||||
add_library(mdhash_obj OBJECT src/mdhash.c src/libs/md4.c src/libs/md5.c)
|
||||
endif()
|
||||
target_include_directories(mdhash_obj PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src)
|
||||
if(3PROXY_SSL_WOLFSSL)
|
||||
target_include_directories(mdhash_obj PRIVATE ${WOLFSSL_INCLUDE_DIR})
|
||||
endif()
|
||||
|
||||
# ============================================================================
|
||||
# Object libraries for 3proxy (compiled WITHOUT WITHMAIN)
|
||||
@ -402,9 +436,13 @@ target_include_directories(ftp_obj PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src)
|
||||
# 3proxy_crypt object for 3proxy (without WITHMAIN)
|
||||
add_library(3proxy_crypt_obj OBJECT src/3proxy_crypt.c)
|
||||
target_include_directories(3proxy_crypt_obj PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src)
|
||||
if(OpenSSL_FOUND)
|
||||
if(3PROXY_SSL_ENABLED)
|
||||
if(3PROXY_SSL_WOLFSSL)
|
||||
target_include_directories(3proxy_crypt_obj PRIVATE ${WOLFSSL_INCLUDE_DIR})
|
||||
else()
|
||||
target_include_directories(3proxy_crypt_obj PRIVATE ${OPENSSL_INCLUDE_DIR})
|
||||
endif()
|
||||
endif()
|
||||
|
||||
# ============================================================================
|
||||
# Main 3proxy executable
|
||||
@ -425,7 +463,7 @@ add_executable(3proxy
|
||||
)
|
||||
target_sources(3proxy PRIVATE ${MD_SOURCES})
|
||||
|
||||
if(OpenSSL_FOUND)
|
||||
if(3PROXY_SSL_ENABLED)
|
||||
target_sources(3proxy PRIVATE src/ssllib.c src/ssl.c)
|
||||
endif()
|
||||
|
||||
@ -437,9 +475,13 @@ target_include_directories(3proxy PRIVATE
|
||||
${CMAKE_CURRENT_SOURCE_DIR}/src
|
||||
${CMAKE_CURRENT_SOURCE_DIR}/src/libs
|
||||
)
|
||||
if(OpenSSL_FOUND)
|
||||
if(3PROXY_SSL_ENABLED)
|
||||
if(3PROXY_SSL_WOLFSSL)
|
||||
target_include_directories(3proxy PRIVATE ${WOLFSSL_INCLUDE_DIR})
|
||||
else()
|
||||
target_include_directories(3proxy PRIVATE ${OPENSSL_INCLUDE_DIR})
|
||||
endif()
|
||||
endif()
|
||||
if(PCRE2_FOUND)
|
||||
target_include_directories(3proxy PRIVATE ${PCRE2_INCLUDE_DIRS})
|
||||
endif()
|
||||
@ -454,10 +496,16 @@ if(ODBC_FOUND)
|
||||
endif()
|
||||
endif()
|
||||
|
||||
# OpenSSL linking
|
||||
if(OpenSSL_FOUND)
|
||||
# SSL linking
|
||||
if(3PROXY_SSL_ENABLED)
|
||||
if(3PROXY_SSL_WOLFSSL)
|
||||
if(3PROXY_STATIC_LINK)
|
||||
# Will be linked statically below (if static libraries are found)
|
||||
# Will be linked statically below (if static library is found)
|
||||
else()
|
||||
target_link_libraries(3proxy PRIVATE ${WOLFSSL_LIBRARIES})
|
||||
endif()
|
||||
elseif(3PROXY_STATIC_LINK)
|
||||
# OpenSSL static linking handled below
|
||||
else()
|
||||
target_link_libraries(3proxy PRIVATE OpenSSL::SSL OpenSSL::Crypto)
|
||||
endif()
|
||||
@ -474,14 +522,19 @@ if(PCRE2_FOUND)
|
||||
endif()
|
||||
endif()
|
||||
|
||||
# Static linking of OpenSSL and PCRE2 (when option is enabled)
|
||||
if(3PROXY_STATIC_LINK AND (OpenSSL_FOUND OR PCRE2_FOUND))
|
||||
# Static linking of SSL backend and PCRE2 (when option is enabled)
|
||||
if(3PROXY_STATIC_LINK AND ((3PROXY_SSL_ENABLED AND NOT 3PROXY_SSL_WOLFSSL) OR (3PROXY_SSL_WOLFSSL) OR PCRE2_FOUND))
|
||||
set(_saved_cmake_find_library_suffixes ${CMAKE_FIND_LIBRARY_SUFFIXES})
|
||||
set(CMAKE_FIND_LIBRARY_SUFFIXES ".a")
|
||||
|
||||
set(_static_libs "")
|
||||
|
||||
if(OpenSSL_FOUND)
|
||||
if(3PROXY_SSL_WOLFSSL)
|
||||
find_library(_wolfssl_static_lib NAMES wolfssl)
|
||||
if(_wolfssl_static_lib)
|
||||
list(APPEND _static_libs ${_wolfssl_static_lib})
|
||||
endif()
|
||||
elseif(OpenSSL_FOUND)
|
||||
find_library(_ssl_static_lib ssl)
|
||||
find_library(_crypto_static_lib crypto)
|
||||
if(_ssl_static_lib AND _crypto_static_lib)
|
||||
@ -500,10 +553,12 @@ if(3PROXY_STATIC_LINK AND (OpenSSL_FOUND OR PCRE2_FOUND))
|
||||
|
||||
if(_static_libs)
|
||||
target_link_libraries(3proxy PRIVATE -Wl,-Bstatic ${_static_libs} -Wl,-Bdynamic)
|
||||
message(STATUS "Static linking enabled for OpenSSL/PCRE2")
|
||||
message(STATUS "Static linking enabled for SSL backend/PCRE2")
|
||||
else()
|
||||
message(WARNING "3PROXY_STATIC_LINK is ON but static libraries not found, falling back to dynamic")
|
||||
if(OpenSSL_FOUND)
|
||||
if(3PROXY_SSL_WOLFSSL)
|
||||
target_link_libraries(3proxy PRIVATE ${WOLFSSL_LIBRARIES})
|
||||
elseif(OpenSSL_FOUND)
|
||||
target_link_libraries(3proxy PRIVATE OpenSSL::SSL OpenSSL::Crypto)
|
||||
endif()
|
||||
if(PCRE2_FOUND)
|
||||
@ -537,11 +592,32 @@ target_include_directories(3proxy_crypt PRIVATE
|
||||
${CMAKE_CURRENT_SOURCE_DIR}/src
|
||||
${CMAKE_CURRENT_SOURCE_DIR}/src/libs
|
||||
)
|
||||
if(OpenSSL_FOUND)
|
||||
if(3PROXY_SSL_ENABLED)
|
||||
if(3PROXY_SSL_WOLFSSL)
|
||||
target_include_directories(3proxy_crypt PRIVATE ${WOLFSSL_INCLUDE_DIR})
|
||||
else()
|
||||
target_include_directories(3proxy_crypt PRIVATE ${OPENSSL_INCLUDE_DIR})
|
||||
endif()
|
||||
endif()
|
||||
target_link_libraries(3proxy_crypt PRIVATE Threads::Threads)
|
||||
if(OpenSSL_FOUND)
|
||||
if(3PROXY_SSL_ENABLED)
|
||||
if(3PROXY_SSL_WOLFSSL)
|
||||
if(3PROXY_STATIC_LINK)
|
||||
set(_saved_cmake_find_library_suffixes ${CMAKE_FIND_LIBRARY_SUFFIXES})
|
||||
set(CMAKE_FIND_LIBRARY_SUFFIXES ".a")
|
||||
find_library(_wolfssl_static_lib_c NAMES wolfssl)
|
||||
set(CMAKE_FIND_LIBRARY_SUFFIXES ${_saved_cmake_find_library_suffixes})
|
||||
if(_wolfssl_static_lib_c)
|
||||
target_link_libraries(3proxy_crypt PRIVATE -Wl,-Bstatic ${_wolfssl_static_lib_c} -Wl,-Bdynamic)
|
||||
message(STATUS "3proxy_crypt: static wolfSSL")
|
||||
else()
|
||||
message(WARNING "3PROXY_STATIC_LINK is ON but static wolfSSL not found, using dynamic")
|
||||
target_link_libraries(3proxy_crypt PRIVATE ${WOLFSSL_LIBRARIES})
|
||||
endif()
|
||||
else()
|
||||
target_link_libraries(3proxy_crypt PRIVATE ${WOLFSSL_LIBRARIES})
|
||||
endif()
|
||||
else()
|
||||
if(3PROXY_STATIC_LINK)
|
||||
set(_saved_cmake_find_library_suffixes ${CMAKE_FIND_LIBRARY_SUFFIXES})
|
||||
set(CMAKE_FIND_LIBRARY_SUFFIXES ".a")
|
||||
@ -559,6 +635,7 @@ if(OpenSSL_FOUND)
|
||||
target_link_libraries(3proxy_crypt PRIVATE OpenSSL::SSL OpenSSL::Crypto)
|
||||
endif()
|
||||
endif()
|
||||
endif()
|
||||
if("${3PROXY_BINARY_PREFIX}" STREQUAL "")
|
||||
set_target_properties(3proxy_crypt PROPERTIES OUTPUT_NAME "mycrypt")
|
||||
else()
|
||||
@ -848,6 +925,7 @@ message(STATUS " Build type: ${CMAKE_BUILD_TYPE}")
|
||||
message(STATUS "")
|
||||
message(STATUS " Options:")
|
||||
message(STATUS " BUILD_SHARED: ${3PROXY_BUILD_SHARED}")
|
||||
message(STATUS " USE_WOLFSSL: ${3PROXY_USE_WOLFSSL}")
|
||||
message(STATUS " USE_OPENSSL: ${3PROXY_USE_OPENSSL}")
|
||||
message(STATUS " USE_PCRE2: ${3PROXY_USE_PCRE2}")
|
||||
message(STATUS " USE_PAM: ${3PROXY_USE_PAM}")
|
||||
@ -865,6 +943,7 @@ if(WIN32)
|
||||
endif()
|
||||
message(STATUS "")
|
||||
message(STATUS " Libraries found:")
|
||||
message(STATUS " wolfSSL: ${WOLFSSL_FOUND}")
|
||||
message(STATUS " OpenSSL: ${OPENSSL_FOUND}")
|
||||
message(STATUS " PCRE2: ${PCRE2_FOUND}")
|
||||
message(STATUS " PAM: ${PAM_FOUND}")
|
||||
|
||||
@ -47,6 +47,13 @@ ifeq ($(LIBSTATIC), true)
|
||||
STATIC_SUFFIX = -Wl,-Bdynamic
|
||||
ZLIB = -lz -lzstd
|
||||
endif
|
||||
WOLFSSL_CHECK ?= $(shell echo "\#include <wolfssl/options.h>\\n\#include <wolfssl/openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testwssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -otestwssl testwssl.o $(STATIC_PREFIX) -lwolfssl $(STATIC_SUFFIX) 2>/dev/null && rm testwssl testwssl.o && echo true||echo false)
|
||||
ifeq ($(WOLFSSL_CHECK), true)
|
||||
LIBS += $(STATIC_PREFIX) -lwolfssl $(STATIC_SUFFIX)
|
||||
CFLAGS += -DWITH_SSL -DWITH_WOLFSSL
|
||||
SSL_OBJS = ssllib$(OBJSUFFICS) ssl$(OBJSUFFICS)
|
||||
ZLIB :=
|
||||
else
|
||||
OPENSSL_CHECK ?= $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -otestssl testssl.o $(STATIC_PREFIX) $(ZLIB) -lcrypto -lssl $(STATIC_SUFFIX) 2>/dev/null && rm testssl testssl.o && echo true||echo false)
|
||||
ifeq ($(OPENSSL_CHECK), true)
|
||||
LIBS += $(STATIC_PREFIX) $(ZLIB) -l crypto -l ssl $(STATIC_SUFFIX)
|
||||
@ -55,6 +62,7 @@ ifeq ($(OPENSSL_CHECK), true)
|
||||
else
|
||||
ZLIB :=
|
||||
endif
|
||||
endif
|
||||
PCRE_CHECK ?= $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpcre.o - 2>/dev/null && $(CC) -o testpcre testpcre.o $(LDFLAGS) -lpcre2-8 2>/dev/null && rm testpcre testpcre.o && echo true||echo false)
|
||||
ifeq ($(PCRE_CHECK), true)
|
||||
CFLAGS += -DWITH_PCRE
|
||||
@ -66,7 +74,11 @@ ifeq ($(PAM_CHECK), true)
|
||||
PLUGINS += PamAuth
|
||||
endif
|
||||
|
||||
BUNDLED_HASH_OBJS = md4$(OBJSUFFICS) md5$(OBJSUFFICS)
|
||||
ifeq ($(WOLFSSL_CHECK), true)
|
||||
BUNDLED_HASH_OBJS =
|
||||
else
|
||||
BUNDLED_HASH_OBJS = md4$(OBJSUFFICS) md5$(OBJSUFFICS) blake2$(OBJSUFFICS)
|
||||
endif
|
||||
include Makefile.inc
|
||||
|
||||
DESTDIR ?=
|
||||
|
||||
@ -51,6 +51,13 @@ ifeq ($(LIBSTATIC), true)
|
||||
ZLIB = -lz -lzstd
|
||||
endif
|
||||
|
||||
WOLFSSL_CHECK ?= $(shell echo "\#include <wolfssl/options.h>\\n\#include <wolfssl/openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testwssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -otestwssl testwssl.o $(STATIC_PREFIX) -lwolfssl $(STATIC_SUFFIX) 2>/dev/null && rm testwssl testwssl.o && echo true||echo false)
|
||||
ifeq ($(WOLFSSL_CHECK), true)
|
||||
LIBS += $(STATIC_PREFIX) -lwolfssl $(STATIC_SUFFIX)
|
||||
CFLAGS += -DWITH_SSL -DWITH_WOLFSSL
|
||||
SSL_OBJS = ssllib$(OBJSUFFICS) ssl$(OBJSUFFICS)
|
||||
ZLIB :=
|
||||
else
|
||||
OPENSSL_CHECK ?= $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -otestssl testssl.o $(STATIC_PREFIX) $(ZLIB) -lcrypto -lssl $(STATIC_SUFFIX) 2>/dev/null && rm testssl testssl.o && echo true||echo false)
|
||||
ifeq ($(OPENSSL_CHECK), true)
|
||||
LIBS += $(STATIC_PREFIX) $(ZLIB) -lcrypto -lssl $(STATIC_SUFFIX)
|
||||
@ -59,6 +66,7 @@ ifeq ($(OPENSSL_CHECK), true)
|
||||
else
|
||||
ZLIB :=
|
||||
endif
|
||||
endif
|
||||
PCRE_CHECK ?= $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpcre.o - 2>/dev/null && $(CC) -o testpcre testpcre.o $(LDFLAGS) $(STATIC_PREFIX) -lpcre2-8 $(STATIC_SUFFIX) 2>/dev/null && rm testpcre testpcre.o && echo true||echo false)
|
||||
ifeq ($(PCRE_CHECK), true)
|
||||
CFLAGS += -DWITH_PCRE
|
||||
@ -69,7 +77,11 @@ PAM_CHECK ?= $(shell echo "\#include <security/pam_appl.h>\\n int main(){return
|
||||
ifeq ($(PAM_CHECK), true)
|
||||
PLUGINS += PamAuth
|
||||
endif
|
||||
BUNDLED_HASH_OBJS = md4$(OBJSUFFICS) md5$(OBJSUFFICS)
|
||||
ifeq ($(WOLFSSL_CHECK), true)
|
||||
BUNDLED_HASH_OBJS =
|
||||
else
|
||||
BUNDLED_HASH_OBJS = md4$(OBJSUFFICS) md5$(OBJSUFFICS) blake2$(OBJSUFFICS)
|
||||
endif
|
||||
include Makefile.inc
|
||||
|
||||
allplugins:
|
||||
|
||||
@ -31,12 +31,19 @@ COMPATLIBS =
|
||||
MAKEFILE = Makefile.Solaris
|
||||
PLUGINS = StringsPlugin TrafficPlugin TransparentPlugin FilePlugin
|
||||
|
||||
WOLFSSL_CHECK = $(shell echo "\#include <wolfssl/options.h>\\n\#include <wolfssl/openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testwssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -o testwssl testwssl.o -lwolfssl 2>/dev/null && rm testwssl testwssl.o && echo true||echo false)
|
||||
ifeq ($(WOLFSSL_CHECK), true)
|
||||
LIBS += -lwolfssl
|
||||
CFLAGS += -DWITH_SSL -DWITH_WOLFSSL
|
||||
SSL_OBJS = ssllib$(OBJSUFFICS) ssl$(OBJSUFFICS)
|
||||
else
|
||||
OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -o testssl testssl.o -lcrypto -lssl 2>/dev/null && rm testssl testssl.o && echo true||echo false)
|
||||
ifeq ($(OPENSSL_CHECK), true)
|
||||
LIBS += -l crypto -l ssl
|
||||
CFLAGS += -DWITH_SSL
|
||||
SSL_OBJS = ssllib$(OBJSUFFICS) ssl$(OBJSUFFICS)
|
||||
endif
|
||||
endif
|
||||
PCRE_CHECK = $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpcre.o - 2>/dev/null && $(CC) -o testpcre testpcre.o $(LDFLAGS) -Wl,-Bstatic -lpcre2-8 -Wl,-Bdynamic 2>/dev/null && rm testpcre testpcre.o && echo true||echo false)
|
||||
ifeq ($(PCRE_CHECK), true)
|
||||
CFLAGS += -DWITH_PCRE
|
||||
@ -44,7 +51,11 @@ ifeq ($(PCRE_CHECK), true)
|
||||
PCRE_LIBS = -Wl,-Bstatic -lpcre2-8 -Wl,-Bdynamic
|
||||
endif
|
||||
|
||||
BUNDLED_HASH_OBJS = md4$(OBJSUFFICS) md5$(OBJSUFFICS)
|
||||
ifeq ($(WOLFSSL_CHECK), true)
|
||||
BUNDLED_HASH_OBJS =
|
||||
else
|
||||
BUNDLED_HASH_OBJS = md4$(OBJSUFFICS) md5$(OBJSUFFICS) blake2$(OBJSUFFICS)
|
||||
endif
|
||||
include Makefile.inc
|
||||
|
||||
allplugins:
|
||||
|
||||
@ -11,13 +11,22 @@ CRYPT_PREFIX = 3proxy_
|
||||
CC = cl
|
||||
VERSION = $(VERSION)
|
||||
BUILDDATE = $(BUILDDATE)
|
||||
CFLAGS = /nologo /MT /W3 /Ox /GS /EHs- /GA /GF /D "MSVC" /D "WITH_WSAPOLL" /D "NDEBUG" /D "WIN32" /D "WITH_SSL" /D "WITH_PCRE" /D "WITH_ODBC" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /Fp"proxy.pch" /FD /c $(BUILDDATE) $(VERSION)
|
||||
!IFDEF WOLFSSL
|
||||
SSL_DEFS = /D "WITH_SSL" /D "WITH_WOLFSSL"
|
||||
SSL_LIBS = wolfssl.lib
|
||||
BUNDLED_HASH_OBJS =
|
||||
!ELSE
|
||||
SSL_DEFS = /D "WITH_SSL"
|
||||
SSL_LIBS = libcrypto.lib libssl.lib
|
||||
BUNDLED_HASH_OBJS = blake2$(OBJSUFFICS)
|
||||
!ENDIF
|
||||
CFLAGS = /nologo /MT /W3 /Ox /GS /EHs- /GA /GF /D "MSVC" /D "WITH_WSAPOLL" /D "NDEBUG" /D "WIN32" $(SSL_DEFS) /D "WITH_PCRE" /D "WITH_ODBC" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /Fp"proxy.pch" /FD /c $(BUILDDATE) $(VERSION)
|
||||
COUT = /Fo
|
||||
LN = link
|
||||
LDFLAGS = /nologo /subsystem:console /incremental:no
|
||||
DLFLAGS = /DLL
|
||||
DLSUFFICS = .dll
|
||||
LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib Crypt32.lib libcrypto.lib libssl.lib pcre2-8.lib
|
||||
LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib Crypt32.lib $(SSL_LIBS) pcre2-8.lib
|
||||
LIBSPREFIX =
|
||||
LIBSSUFFIX = .lib
|
||||
LIBEXT = .lib
|
||||
|
||||
@ -49,6 +49,13 @@ ifeq ($(LIBSTATIC), true)
|
||||
STATIC_SUFFIX = -Wl,-Bdynamic
|
||||
ZLIB = -lz -lzstd
|
||||
endif
|
||||
WOLFSSL_CHECK ?= $(shell echo "\#include <wolfssl/options.h>\\n\#include <wolfssl/openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testwssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -otestwssl testwssl.o $(STATIC_PREFIX) -lwolfssl $(STATIC_SUFFIX) 2>/dev/null && rm testwssl testwssl.o && echo true||echo false)
|
||||
ifeq ($(WOLFSSL_CHECK), true)
|
||||
LIBS += $(STATIC_PREFIX) -lwolfssl $(STATIC_SUFFIX)
|
||||
CFLAGS += -DWITH_SSL -DWITH_WOLFSSL
|
||||
SSL_OBJS = ssllib$(OBJSUFFICS) ssl$(OBJSUFFICS)
|
||||
ZLIB :=
|
||||
else
|
||||
OPENSSL_CHECK ?= $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -otestssl testssl.o $(STATIC_PREFIX) $(ZLIB) -lcrypto -lssl $(STATIC_SUFFIX) 2>/dev/null && rm testssl testssl.o && echo true||echo false)
|
||||
ifeq ($(OPENSSL_CHECK), true)
|
||||
LIBS += $(STATIC_PREFIX) $(ZLIB) -lcrypto -lssl $(STATIC_SUFFIX)
|
||||
@ -57,6 +64,7 @@ ifeq ($(OPENSSL_CHECK), true)
|
||||
else
|
||||
ZLIB :=
|
||||
endif
|
||||
endif
|
||||
PCRE_CHECK ?= $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpcre.o - 2>/dev/null && $(CC) -o testpcre testpcre.o $(LDFLAGS) $(STATIC_PREFIX) -lpcre2-8 $(STATIC_SUFFIX) 2>/dev/null && rm testpcre testpcre.o && echo true||echo false)
|
||||
ifeq ($(PCRE_CHECK), true)
|
||||
CFLAGS += -DWITH_PCRE
|
||||
@ -68,7 +76,11 @@ ifeq ($(PAM_CHECK), true)
|
||||
PLUGINS += PamAuth
|
||||
endif
|
||||
|
||||
BUNDLED_HASH_OBJS = md4$(OBJSUFFICS) md5$(OBJSUFFICS)
|
||||
ifeq ($(WOLFSSL_CHECK), true)
|
||||
BUNDLED_HASH_OBJS =
|
||||
else
|
||||
BUNDLED_HASH_OBJS = md4$(OBJSUFFICS) md5$(OBJSUFFICS) blake2$(OBJSUFFICS)
|
||||
endif
|
||||
include Makefile.inc
|
||||
|
||||
DESTDIR ?=
|
||||
|
||||
10
Makefile.win
10
Makefile.win
@ -42,6 +42,15 @@ ifeq ($(LIBSTATIC), true)
|
||||
STATIC_SUFFIX = -Wl,-Bdynamic
|
||||
ZLIB = -lz
|
||||
endif
|
||||
WOLFSSL_CHECK = $(shell echo "\#include <wolfssl/options.h>\\n\#include <wolfssl/openssl/ssl.h>\\n int main(){return 0;}" | tr -d '\\\\' | $(CC) -x c $(CFLAGS) $(LDFLAGS) $(STATIC_PREFIX) -lwolfssl $(STATIC_SUFFIX) -o testwssl - 2>/dev/null && rm testwssl && echo true||echo false)
|
||||
ifeq ($(WOLFSSL_CHECK), true)
|
||||
LIBS += $(STATIC_PREFIX) -lwolfssl $(STATIC_SUFFIX) -lws2_32
|
||||
CFLAGS += -DWITH_SSL -DWITH_WOLFSSL
|
||||
SSL_OBJS = ssllib$(OBJSUFFICS) ssl$(OBJSUFFICS)
|
||||
ZLIB :=
|
||||
BUNDLED_HASH_OBJS =
|
||||
else
|
||||
BUNDLED_HASH_OBJS = blake2$(OBJSUFFICS)
|
||||
OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d '\\\\' | $(CC) -x c $(CFLAGS) $(LDFLAGS) $(STATIC_PREFIX) $(ZLIB) -l crypto -l ssl $(STATIC_SUFFIX) -o testssl - 2>/dev/null && rm testssl && echo true||echo false)
|
||||
ifeq ($(OPENSSL_CHECK), true)
|
||||
LIBS += $(STATIC_PREFIX) $(ZLIB) -l crypto -l ssl $(STATIC_SUFFIX) -lcrypt32
|
||||
@ -50,6 +59,7 @@ ifeq ($(OPENSSL_CHECK), true)
|
||||
else
|
||||
ZLIB :=
|
||||
endif
|
||||
endif
|
||||
PAM_CHECK = $(shell echo "\#include <security/pam_appl.h>\\n int main(){return 0;}" | tr -d '\\\\' | $(CC) -x c $(CFLAGS) $(LDFLAGS) -l pam -o testpam - 2>/dev/null && rm testpam && echo true||echo false)
|
||||
ifeq ($(PAM_CHECK), true)
|
||||
PLUGINS += PamAuth
|
||||
|
||||
@ -5,7 +5,6 @@
|
||||
please read License Agreement
|
||||
|
||||
*/
|
||||
#include "libs/blake2.h"
|
||||
#include "mdhash.h"
|
||||
#include <string.h>
|
||||
|
||||
@ -52,7 +51,7 @@ unsigned char * ntpwdhash (unsigned char *szHash, const unsigned char *szPasswor
|
||||
}
|
||||
|
||||
/* Encrypt Unicode password to a 16-byte MD4 hash */
|
||||
ctx = mdh_init(MDH_MD4);
|
||||
ctx = mdh_init(MDH_MD4, 16);
|
||||
if(!ctx) return NULL;
|
||||
mdh_update(ctx, szUnicodePass, (nPasswordLen<<1));
|
||||
if(!mdh_final(ctx, szUnicodePass, &len)) {
|
||||
@ -89,7 +88,7 @@ unsigned char * mycrypt(const unsigned char *pw, const unsigned char *salt, unsi
|
||||
sl = (int)(ep - sp);
|
||||
magic = (unsigned char *)"$1$";
|
||||
|
||||
ctx = mdh_init(MDH_MD5);
|
||||
ctx = mdh_init(MDH_MD5, 16);
|
||||
if(!ctx) {
|
||||
*passwd = 0;
|
||||
return NULL;
|
||||
@ -105,7 +104,7 @@ unsigned char * mycrypt(const unsigned char *pw, const unsigned char *salt, unsi
|
||||
mdh_update(ctx, sp, (unsigned int)sl);
|
||||
|
||||
/* Then just as many unsigned characters of the MD5(pw,salt,pw) */
|
||||
ctx1 = mdh_init(MDH_MD5);
|
||||
ctx1 = mdh_init(MDH_MD5, 16);
|
||||
if(!ctx1) {
|
||||
mdh_free(ctx);
|
||||
*passwd = 0;
|
||||
@ -139,7 +138,7 @@ unsigned char * mycrypt(const unsigned char *pw, const unsigned char *salt, unsi
|
||||
*/
|
||||
for(i=0;i<1000;i++) {
|
||||
mdh_free(ctx1);
|
||||
ctx1 = mdh_init(MDH_MD5);
|
||||
ctx1 = mdh_init(MDH_MD5, 16);
|
||||
if(!ctx1) { *passwd = 0; return NULL; }
|
||||
if(i & 1)
|
||||
mdh_update(ctx1, pw, (unsigned int)strlen((char *)pw));
|
||||
@ -167,14 +166,17 @@ unsigned char * mycrypt(const unsigned char *pw, const unsigned char *salt, unsi
|
||||
sl = (int)(ep - sp);
|
||||
magic = (unsigned char *)"$3$";
|
||||
{
|
||||
blake2b_state S;
|
||||
if(blake2b_init(&S, MD5_SIZE) != 0 ||
|
||||
blake2b_update(&S, pw, strlen((char *)pw) + 1) != 0 ||
|
||||
blake2b_update(&S, sp, sl) != 0 ||
|
||||
blake2b_final(&S, final, MD5_SIZE) != 0) {
|
||||
mdh_ctx *bctx = mdh_init(MDH_BLAKE2, MD5_SIZE);
|
||||
unsigned int blen = MD5_SIZE;
|
||||
if(!bctx ||
|
||||
!mdh_update(bctx, pw, (unsigned int)(strlen((char *)pw) + 1)) ||
|
||||
!mdh_update(bctx, sp, (unsigned int)sl) ||
|
||||
!mdh_final(bctx, final, &blen)) {
|
||||
mdh_free(bctx);
|
||||
*passwd = 0;
|
||||
return NULL;
|
||||
}
|
||||
mdh_free(bctx);
|
||||
}
|
||||
}
|
||||
else {
|
||||
|
||||
@ -164,8 +164,8 @@ md4$(OBJSUFFICS): libs/md4.c libs/md4.h
|
||||
md5$(OBJSUFFICS): libs/md5.c libs/md5.h
|
||||
$(CC) $(COUT)md5$(OBJSUFFICS) $(CFLAGS) libs/md5.c
|
||||
|
||||
$(BUILDDIR)$(CRYPT_PREFIX)crypt$(EXESUFFICS): blake2$(OBJSUFFICS) 3proxy_cryptmain$(OBJSUFFICS) base64$(OBJSUFFICS) mdhash$(OBJSUFFICS) $(BUNDLED_HASH_OBJS)
|
||||
$(LN) $(LNOUT)$(BUILDDIR)$(CRYPT_PREFIX)crypt$(EXESUFFICS) $(LDFLAGS) blake2$(OBJSUFFICS) base64$(OBJSUFFICS) mdhash$(OBJSUFFICS) $(BUNDLED_HASH_OBJS) 3proxy_cryptmain$(OBJSUFFICS) $(LIBS)
|
||||
$(BUILDDIR)$(CRYPT_PREFIX)crypt$(EXESUFFICS): $(BUNDLED_HASH_OBJS) 3proxy_cryptmain$(OBJSUFFICS) base64$(OBJSUFFICS) mdhash$(OBJSUFFICS)
|
||||
$(LN) $(LNOUT)$(BUILDDIR)$(CRYPT_PREFIX)crypt$(EXESUFFICS) $(LDFLAGS) $(BUNDLED_HASH_OBJS) base64$(OBJSUFFICS) mdhash$(OBJSUFFICS) 3proxy_cryptmain$(OBJSUFFICS) $(LIBS)
|
||||
|
||||
stringtable$(OBJSUFFICS): stringtable.c
|
||||
$(CC) $(COUT)stringtable$(OBJSUFFICS) $(CFLAGS) stringtable.c
|
||||
@ -179,6 +179,6 @@ ssl$(OBJSUFFICS): ssl.c structures.h proxy.h ssl.h
|
||||
pcre$(OBJSUFFICS): pcre.c structures.h
|
||||
$(CC) $(COUT)pcre$(OBJSUFFICS) $(CFLAGS) $(DEFINEOPTION)WITH_PCRE pcre.c
|
||||
|
||||
$(BUILDDIR)3proxy$(EXESUFFICS): 3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvtlspr$(OBJSUFFICS) srvauto$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) udpsockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) auth$(OBJSUFFICS) acl$(OBJSUFFICS) limiter$(OBJSUFFICS) redirect$(OBJSUFFICS) authradius$(OBJSUFFICS) hash$(OBJSUFFICS) hashtables$(OBJSUFFICS) resolve$(OBJSUFFICS) sql$(OBJSUFFICS) conf$(OBJSUFFICS) log$(OBJSUFFICS) datatypes$(OBJSUFFICS) blake2$(OBJSUFFICS) 3proxy_crypt$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) mdhash$(OBJSUFFICS) $(BUNDLED_HASH_OBJS) $(SSL_OBJS) $(PCRE_OBJS) $(COMPATLIBS) $(VERSIONDEP)
|
||||
$(LN) $(LNOUT)$(BUILDDIR)3proxy$(EXESUFFICS) $(LDFLAGS) $(VERFILE) 3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) auth$(OBJSUFFICS) acl$(OBJSUFFICS) limiter$(OBJSUFFICS) redirect$(OBJSUFFICS) authradius$(OBJSUFFICS) hash$(OBJSUFFICS) hashtables$(OBJSUFFICS) resolve$(OBJSUFFICS) sql$(OBJSUFFICS) conf$(OBJSUFFICS) datatypes$(OBJSUFFICS) srvauto$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvtlspr$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) udpsockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS) 3proxy_crypt$(OBJSUFFICS) blake2$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) mdhash$(OBJSUFFICS) $(BUNDLED_HASH_OBJS) $(SSL_OBJS) $(PCRE_OBJS) $(COMPATLIBS) $(LIBS) $(PCRE_LIBS)
|
||||
$(BUILDDIR)3proxy$(EXESUFFICS): 3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvtlspr$(OBJSUFFICS) srvauto$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) udpsockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) auth$(OBJSUFFICS) acl$(OBJSUFFICS) limiter$(OBJSUFFICS) redirect$(OBJSUFFICS) authradius$(OBJSUFFICS) hash$(OBJSUFFICS) hashtables$(OBJSUFFICS) resolve$(OBJSUFFICS) sql$(OBJSUFFICS) conf$(OBJSUFFICS) log$(OBJSUFFICS) datatypes$(OBJSUFFICS) $(BUNDLED_HASH_OBJS) 3proxy_crypt$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) mdhash$(OBJSUFFICS) $(SSL_OBJS) $(PCRE_OBJS) $(COMPATLIBS) $(VERSIONDEP)
|
||||
$(LN) $(LNOUT)$(BUILDDIR)3proxy$(EXESUFFICS) $(LDFLAGS) $(VERFILE) 3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) auth$(OBJSUFFICS) acl$(OBJSUFFICS) limiter$(OBJSUFFICS) redirect$(OBJSUFFICS) authradius$(OBJSUFFICS) hash$(OBJSUFFICS) hashtables$(OBJSUFFICS) resolve$(OBJSUFFICS) sql$(OBJSUFFICS) conf$(OBJSUFFICS) datatypes$(OBJSUFFICS) srvauto$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvtlspr$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) udpsockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS) 3proxy_crypt$(OBJSUFFICS) $(BUNDLED_HASH_OBJS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) mdhash$(OBJSUFFICS) $(SSL_OBJS) $(PCRE_OBJS) $(COMPATLIBS) $(LIBS) $(PCRE_LIBS)
|
||||
|
||||
|
||||
14
src/auth.c
14
src/auth.c
@ -7,7 +7,7 @@
|
||||
*/
|
||||
|
||||
#include "proxy.h"
|
||||
#include "libs/blake2.h"
|
||||
#include "mdhash.h"
|
||||
|
||||
void initbandlims(struct clientparam *param);
|
||||
|
||||
@ -231,13 +231,17 @@ int strongauth(struct clientparam * param){
|
||||
if((unsigned)pwlen < pwl_table.recsize) {
|
||||
if(!strncmp(pass + 1, (char *)param->password, pwl_table.recsize - 1)) return 0;
|
||||
} else {
|
||||
blake2b_state S;
|
||||
mdh_ctx *bctx;
|
||||
unsigned hashsz;
|
||||
unsigned int blen;
|
||||
hashsz = pwl_table.recsize - 1 < 64 ? pwl_table.recsize - 1 : 64;
|
||||
memset(buf, 0, pwl_table.recsize - 1);
|
||||
blake2b_init(&S, hashsz);
|
||||
blake2b_update(&S, param->password, pwlen + 1);
|
||||
blake2b_final(&S, buf, hashsz);
|
||||
bctx = mdh_init(MDH_BLAKE2, hashsz);
|
||||
if(!bctx) return 6;
|
||||
mdh_update(bctx, param->password, pwlen + 1);
|
||||
blen = hashsz;
|
||||
mdh_final(bctx, buf, &blen);
|
||||
mdh_free(bctx);
|
||||
if(!memcmp(pass + 1, buf, pwl_table.recsize - 1)) return 0;
|
||||
}
|
||||
return 6;
|
||||
|
||||
@ -188,7 +188,7 @@ char *strNcpy(char *dest, const char *src, int n)
|
||||
void md5_calc(unsigned char *output, unsigned char *input,
|
||||
unsigned int inlen)
|
||||
{
|
||||
mdh_ctx *ctx = mdh_init(MDH_MD5);
|
||||
mdh_ctx *ctx = mdh_init(MDH_MD5, 16);
|
||||
unsigned int len = 16;
|
||||
if(!ctx) return;
|
||||
mdh_update(ctx, input, inlen);
|
||||
|
||||
14
src/conf.c
14
src/conf.c
@ -7,7 +7,7 @@
|
||||
*/
|
||||
|
||||
#include "proxy.h"
|
||||
#include "libs/blake2.h"
|
||||
#include "mdhash.h"
|
||||
#ifdef WITH_SSL
|
||||
void ssl_install(void);
|
||||
#endif
|
||||
@ -543,13 +543,17 @@ static int h_users(int argc, unsigned char **argv){
|
||||
l = strlen(pw[1]);
|
||||
if(l > 255) l = 255;
|
||||
if((unsigned)l >= pwl_table.recsize) {
|
||||
blake2b_state S;
|
||||
mdh_ctx *bctx;
|
||||
unsigned hashsz;
|
||||
unsigned int blen;
|
||||
if(*pass != CL) continue;
|
||||
hashsz = pwl_table.recsize - 1 < 64 ? pwl_table.recsize - 1 : 64;
|
||||
blake2b_init(&S, hashsz);
|
||||
blake2b_update(&S, pw[1], l + 1);
|
||||
blake2b_final(&S, pass+1, hashsz);
|
||||
bctx = mdh_init(MDH_BLAKE2, hashsz);
|
||||
if(!bctx) continue;
|
||||
mdh_update(bctx, pw[1], l + 1);
|
||||
blen = hashsz;
|
||||
mdh_final(bctx, (unsigned char *)pass+1, &blen);
|
||||
mdh_free(bctx);
|
||||
} else {
|
||||
memcpy(pass + 1, pw[1], l);
|
||||
}
|
||||
|
||||
@ -1,18 +1,21 @@
|
||||
#include "proxy.h"
|
||||
#include "libs/blake2.h"
|
||||
#include "mdhash.h"
|
||||
|
||||
|
||||
static void char_index2hash(const struct hashtable *ht, void *index, uint8_t *hash){
|
||||
blake2b_state S;
|
||||
int len;
|
||||
unsigned int blen;
|
||||
|
||||
len = strlen((const char*)index);
|
||||
memset(hash, 0, ht->hash_size);
|
||||
if(len <= ht->hash_size) memcpy(hash, index, len);
|
||||
else {
|
||||
blake2b_init(&S, ht->hash_size);
|
||||
blake2b_update(&S, index, strlen((const char*)index) + 1);
|
||||
blake2b_final(&S, hash, ht->hash_size);
|
||||
mdh_ctx *bctx = mdh_init(MDH_BLAKE2, ht->hash_size);
|
||||
if(!bctx) return;
|
||||
mdh_update(bctx, index, (unsigned int)(strlen((const char*)index) + 1));
|
||||
blen = ht->hash_size;
|
||||
mdh_final(bctx, hash, &blen);
|
||||
mdh_free(bctx);
|
||||
}
|
||||
}
|
||||
|
||||
@ -23,7 +26,6 @@ static void param2hash_add(const struct hashtable *ht, void *index, uint8_t *has
|
||||
}
|
||||
|
||||
void param2hash_search(const struct hashtable *ht, void *index, uint8_t *hash){
|
||||
blake2b_state S;
|
||||
struct clientparam *param = (struct clientparam *)index;
|
||||
unsigned type = param->srv->authcachetype;
|
||||
int len = 0, oplen = 0, acllen = 0, ulen = 0, plen = 0, hlen = 0, a1len = 0, a2len = 0, a3len = 0, p1len=0, p2len = 0;
|
||||
@ -55,31 +57,36 @@ void param2hash_search(const struct hashtable *ht, void *index, uint8_t *hash){
|
||||
if((type & 2048)){ memcpy(hash + offset, SAPORT(¶m->srv->intsa), p2len); offset += 2; }
|
||||
}
|
||||
else {
|
||||
blake2b_init(&S, ht->hash_size);
|
||||
if((type & 2) && param->username)blake2b_update(&S, param->username, ulen);
|
||||
if((type & 4) && param->password)blake2b_update(&S, param->password, plen);
|
||||
if((type & 1) && !(type & 8))blake2b_update(&S, SAADDR(¶m->sincr), a1len);
|
||||
if((type & 16))blake2b_update(&S, ¶m->srv->acl, acllen);
|
||||
if((type & 64))blake2b_update(&S, SAADDR(¶m->req), a2len);
|
||||
if((type & 128))blake2b_update(&S, SAPORT(¶m->req), 2);
|
||||
if((type & 256) && param->hostname)blake2b_update(&S, param->hostname, hlen);
|
||||
if((type & 512))blake2b_update(&S, ¶m->operation, sizeof(param->operation));
|
||||
if((type & 1024))blake2b_update(&S, SAADDR(¶m->srv->intsa), a3len);
|
||||
if((type & 2048))blake2b_update(&S, SAPORT(¶m->srv->intsa), 2);
|
||||
blake2b_final(&S, hash, ht->hash_size);
|
||||
mdh_ctx *bctx = mdh_init(MDH_BLAKE2, ht->hash_size);
|
||||
unsigned int blen = ht->hash_size;
|
||||
if(!bctx) { memcpy(param->hash, hash, ht->hash_size); return; }
|
||||
if((type & 2) && param->username)mdh_update(bctx, param->username, ulen);
|
||||
if((type & 4) && param->password)mdh_update(bctx, param->password, plen);
|
||||
if((type & 1) && !(type & 8))mdh_update(bctx, SAADDR(¶m->sincr), a1len);
|
||||
if((type & 16))mdh_update(bctx, ¶m->srv->acl, acllen);
|
||||
if((type & 64))mdh_update(bctx, SAADDR(¶m->req), a2len);
|
||||
if((type & 128))mdh_update(bctx, SAPORT(¶m->req), 2);
|
||||
if((type & 256) && param->hostname)mdh_update(bctx, param->hostname, hlen);
|
||||
if((type & 512))mdh_update(bctx, ¶m->operation, sizeof(param->operation));
|
||||
if((type & 1024))mdh_update(bctx, SAADDR(¶m->srv->intsa), a3len);
|
||||
if((type & 2048))mdh_update(bctx, SAPORT(¶m->srv->intsa), 2);
|
||||
mdh_final(bctx, hash, &blen);
|
||||
mdh_free(bctx);
|
||||
}
|
||||
memcpy(param->hash, hash, ht->hash_size);
|
||||
}
|
||||
|
||||
static void udpparam2hash(const struct hashtable *ht, void *index, uint8_t *hash){
|
||||
struct clientparam *param = (struct clientparam *)index;
|
||||
blake2b_state S;
|
||||
blake2b_init(&S, ht->hash_size);
|
||||
blake2b_update(&S, SAADDR(¶m->srv->intsa), SAADDRLEN(¶m->srv->intsa));
|
||||
blake2b_update(&S, SAPORT(¶m->srv->intsa), 2);
|
||||
blake2b_update(&S, SAADDR(¶m->sincr), SAADDRLEN(¶m->sincr));
|
||||
blake2b_update(&S, SAPORT(¶m->sincr), 2);
|
||||
blake2b_final(&S, hash, ht->hash_size);
|
||||
mdh_ctx *bctx = mdh_init(MDH_BLAKE2, ht->hash_size);
|
||||
unsigned int blen = ht->hash_size;
|
||||
if(!bctx) return;
|
||||
mdh_update(bctx, SAADDR(¶m->srv->intsa), SAADDRLEN(¶m->srv->intsa));
|
||||
mdh_update(bctx, SAPORT(¶m->srv->intsa), 2);
|
||||
mdh_update(bctx, SAADDR(¶m->sincr), SAADDRLEN(¶m->sincr));
|
||||
mdh_update(bctx, SAPORT(¶m->sincr), 2);
|
||||
mdh_final(bctx, hash, &blen);
|
||||
mdh_free(bctx);
|
||||
}
|
||||
|
||||
struct hashtable dns_table = {char_index2hash, char_index2hash, 4, 32};
|
||||
|
||||
@ -26,6 +26,11 @@
|
||||
#ifndef _MD4_H
|
||||
#define _MD4_H
|
||||
|
||||
#ifdef WITH_WOLFSSL
|
||||
#include <wolfssl/options.h>
|
||||
#include <wolfssl/openssl/md4.h>
|
||||
#else
|
||||
|
||||
#include <stddef.h> /* for size_t */
|
||||
|
||||
/* Any 32-bit or wider unsigned integer data type will do */
|
||||
@ -44,4 +49,6 @@ extern void MD4_Init(MD4_CTX *ctx);
|
||||
extern void MD4_Update(MD4_CTX *ctx, const void *data, size_t size);
|
||||
extern void MD4_Final(unsigned char *result, MD4_CTX *ctx);
|
||||
|
||||
#endif /* !WITH_WOLFSSL */
|
||||
|
||||
#endif
|
||||
|
||||
@ -26,6 +26,11 @@
|
||||
#ifndef _MD5_H
|
||||
#define _MD5_H
|
||||
|
||||
#ifdef WITH_WOLFSSL
|
||||
#include <wolfssl/options.h>
|
||||
#include <wolfssl/openssl/md5.h>
|
||||
#else
|
||||
|
||||
/* Any 32-bit or wider unsigned integer data type will do */
|
||||
typedef unsigned int MD5_u32plus;
|
||||
|
||||
@ -40,4 +45,6 @@ extern void MD5_Init(MD5_CTX *ctx);
|
||||
extern void MD5_Update(MD5_CTX *ctx, const void *data, unsigned long size);
|
||||
extern void MD5_Final(unsigned char *result, MD5_CTX *ctx);
|
||||
|
||||
#endif /* !WITH_WOLFSSL */
|
||||
|
||||
#endif
|
||||
|
||||
217
src/mdhash.c
217
src/mdhash.c
@ -4,129 +4,202 @@
|
||||
|
||||
please read License Agreement
|
||||
|
||||
MD4/MD5 hash implementation.
|
||||
- Windows: CryptoAPI (CAPI). Supports both CALG_MD4 and CALG_MD5.
|
||||
- Other platforms: bundled public-domain MD4/MD5 (Solar Designer, 2001).
|
||||
MD4/MD5/BLAKE2 hash implementation.
|
||||
- Windows (no wolfSSL): CryptoAPI (CAPI) for MD4/MD5; bundled BLAKE2.
|
||||
- wolfSSL: wolfCrypt for MD4/MD5 (OpenSSL compat) and BLAKE2 (native wc_*).
|
||||
- Other: bundled public-domain MD4/MD5 + bundled BLAKE2 reference.
|
||||
*/
|
||||
#include "mdhash.h"
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
#ifdef _WIN32
|
||||
/* ----- BLAKE2 backend selection ----- */
|
||||
#ifdef WITH_WOLFSSL
|
||||
#include <wolfssl/options.h>
|
||||
#include <wolfssl/wolfcrypt/blake2.h>
|
||||
#define MDH_BLAKE2_BACKEND_WOLFSSL
|
||||
#else
|
||||
#include "libs/blake2.h"
|
||||
#endif
|
||||
|
||||
/* ----- MD4/MD5 backend selection ----- */
|
||||
#if defined(_WIN32) && !defined(WITH_WOLFSSL)
|
||||
#define MDH_MD_BACKEND_CAPI
|
||||
#define WIN32_LEAN_AND_MEAN
|
||||
#include <windows.h>
|
||||
#include <wincrypt.h>
|
||||
#else
|
||||
#include "libs/md4.h"
|
||||
#include "libs/md5.h"
|
||||
#endif
|
||||
|
||||
struct mdh_ctx {
|
||||
mdh_alg alg;
|
||||
unsigned int outlen;
|
||||
#ifdef MDH_MD_BACKEND_CAPI
|
||||
HCRYPTPROV hProv;
|
||||
HCRYPTHASH hHash;
|
||||
#else
|
||||
union {
|
||||
MD4_CTX md4;
|
||||
MD5_CTX md5;
|
||||
} u;
|
||||
#endif
|
||||
#ifdef MDH_BLAKE2_BACKEND_WOLFSSL
|
||||
Blake2b blake2;
|
||||
#else
|
||||
blake2b_state blake2;
|
||||
#endif
|
||||
};
|
||||
|
||||
mdh_ctx *mdh_init(mdh_alg alg)
|
||||
mdh_ctx *mdh_init(mdh_alg alg, unsigned int outlen)
|
||||
{
|
||||
mdh_ctx *c;
|
||||
ALG_ID alg_id;
|
||||
|
||||
c = (mdh_ctx *)malloc(sizeof(mdh_ctx));
|
||||
mdh_ctx *c = (mdh_ctx *)malloc(sizeof(mdh_ctx));
|
||||
if(!c) return NULL;
|
||||
c->hProv = 0;
|
||||
c->hHash = 0;
|
||||
memset(c, 0, sizeof(*c));
|
||||
c->alg = alg;
|
||||
c->outlen = outlen;
|
||||
|
||||
switch(alg) {
|
||||
case MDH_MD4:
|
||||
#ifdef MDH_MD_BACKEND_CAPI
|
||||
if(!CryptAcquireContext(&c->hProv, NULL, NULL, PROV_RSA_FULL,
|
||||
CRYPT_VERIFYCONTEXT)) {
|
||||
free(c);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
alg_id = (alg == MDH_MD4) ? CALG_MD4 : CALG_MD5;
|
||||
if(!CryptCreateHash(c->hProv, alg_id, 0, 0, &c->hHash)) {
|
||||
if(!CryptCreateHash(c->hProv, CALG_MD4, 0, 0, &c->hHash)) {
|
||||
CryptReleaseContext(c->hProv, 0);
|
||||
free(c);
|
||||
return NULL;
|
||||
}
|
||||
return c;
|
||||
}
|
||||
|
||||
int mdh_update(mdh_ctx *c, const void *data, unsigned int len)
|
||||
{
|
||||
if(!c || !c->hHash) return 0;
|
||||
if(len == 0) return 1;
|
||||
return CryptHashData(c->hHash, (BYTE *)data, len, 0) ? 1 : 0;
|
||||
}
|
||||
|
||||
int mdh_final(mdh_ctx *c, unsigned char *out, unsigned int *outlen)
|
||||
{
|
||||
DWORD l;
|
||||
BOOL ok;
|
||||
|
||||
if(!c || !c->hHash || !outlen) return 0;
|
||||
l = (DWORD)*outlen;
|
||||
ok = CryptGetHashParam(c->hHash, HP_HASHVAL, out, &l, 0);
|
||||
if(!ok) return 0;
|
||||
*outlen = (unsigned int)l;
|
||||
return 1;
|
||||
}
|
||||
|
||||
void mdh_free(mdh_ctx *c)
|
||||
{
|
||||
if(!c) return;
|
||||
if(c->hHash) CryptDestroyHash(c->hHash);
|
||||
if(c->hProv) CryptReleaseContext(c->hProv, 0);
|
||||
free(c);
|
||||
}
|
||||
|
||||
#else /* !_WIN32 */
|
||||
|
||||
#include "libs/md4.h"
|
||||
#include "libs/md5.h"
|
||||
#include <string.h>
|
||||
|
||||
struct mdh_ctx {
|
||||
int alg; /* MDH_MD4 or MDH_MD5 */
|
||||
union {
|
||||
MD4_CTX md4;
|
||||
MD5_CTX md5;
|
||||
} u;
|
||||
};
|
||||
|
||||
mdh_ctx *mdh_init(mdh_alg alg)
|
||||
{
|
||||
mdh_ctx *c = (mdh_ctx *)malloc(sizeof(mdh_ctx));
|
||||
if(!c) return NULL;
|
||||
c->alg = alg;
|
||||
if(alg == MDH_MD4)
|
||||
#else
|
||||
MD4_Init(&c->u.md4);
|
||||
else
|
||||
#endif
|
||||
break;
|
||||
case MDH_MD5:
|
||||
#ifdef MDH_MD_BACKEND_CAPI
|
||||
if(!CryptAcquireContext(&c->hProv, NULL, NULL, PROV_RSA_FULL,
|
||||
CRYPT_VERIFYCONTEXT)) {
|
||||
free(c);
|
||||
return NULL;
|
||||
}
|
||||
if(!CryptCreateHash(c->hProv, CALG_MD5, 0, 0, &c->hHash)) {
|
||||
CryptReleaseContext(c->hProv, 0);
|
||||
free(c);
|
||||
return NULL;
|
||||
}
|
||||
#else
|
||||
MD5_Init(&c->u.md5);
|
||||
#endif
|
||||
break;
|
||||
case MDH_BLAKE2:
|
||||
if(!outlen || outlen > 64) {
|
||||
free(c);
|
||||
return NULL;
|
||||
}
|
||||
#ifdef MDH_BLAKE2_BACKEND_WOLFSSL
|
||||
if(wc_InitBlake2b(&c->blake2, outlen) != 0) {
|
||||
free(c);
|
||||
return NULL;
|
||||
}
|
||||
#else
|
||||
if(blake2b_init(&c->blake2, outlen) != 0) {
|
||||
free(c);
|
||||
return NULL;
|
||||
}
|
||||
#endif
|
||||
break;
|
||||
default:
|
||||
free(c);
|
||||
return NULL;
|
||||
}
|
||||
return c;
|
||||
}
|
||||
|
||||
int mdh_update(mdh_ctx *c, const void *data, unsigned int len)
|
||||
{
|
||||
if(!c) return 0;
|
||||
if(c->alg == MDH_MD4)
|
||||
if(len == 0) return 1;
|
||||
switch(c->alg) {
|
||||
case MDH_MD4:
|
||||
#ifdef MDH_MD_BACKEND_CAPI
|
||||
return CryptHashData(c->hHash, (BYTE *)data, len, 0) ? 1 : 0;
|
||||
#else
|
||||
MD4_Update(&c->u.md4, data, (size_t)len);
|
||||
else
|
||||
return 1;
|
||||
#endif
|
||||
case MDH_MD5:
|
||||
#ifdef MDH_MD_BACKEND_CAPI
|
||||
return CryptHashData(c->hHash, (BYTE *)data, len, 0) ? 1 : 0;
|
||||
#else
|
||||
MD5_Update(&c->u.md5, data, (unsigned long)len);
|
||||
return 1;
|
||||
#endif
|
||||
case MDH_BLAKE2:
|
||||
#ifdef MDH_BLAKE2_BACKEND_WOLFSSL
|
||||
return wc_Blake2bUpdate(&c->blake2, (const byte *)data, len) == 0;
|
||||
#else
|
||||
return blake2b_update(&c->blake2, data, len) == 0;
|
||||
#endif
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
int mdh_final(mdh_ctx *c, unsigned char *out, unsigned int *outlen)
|
||||
{
|
||||
if(!c || !outlen) return 0;
|
||||
if(c->alg == MDH_MD4)
|
||||
switch(c->alg) {
|
||||
case MDH_MD4:
|
||||
#ifdef MDH_MD_BACKEND_CAPI
|
||||
{
|
||||
DWORD l = (DWORD)*outlen;
|
||||
if(!CryptGetHashParam(c->hHash, HP_HASHVAL, out, &l, 0))
|
||||
return 0;
|
||||
*outlen = (unsigned int)l;
|
||||
return 1;
|
||||
}
|
||||
#else
|
||||
MD4_Final(out, &c->u.md4);
|
||||
else
|
||||
*outlen = 16;
|
||||
return 1;
|
||||
#endif
|
||||
case MDH_MD5:
|
||||
#ifdef MDH_MD_BACKEND_CAPI
|
||||
{
|
||||
DWORD l = (DWORD)*outlen;
|
||||
if(!CryptGetHashParam(c->hHash, HP_HASHVAL, out, &l, 0))
|
||||
return 0;
|
||||
*outlen = (unsigned int)l;
|
||||
return 1;
|
||||
}
|
||||
#else
|
||||
MD5_Final(out, &c->u.md5);
|
||||
*outlen = 16;
|
||||
return 1;
|
||||
#endif
|
||||
case MDH_BLAKE2:
|
||||
if(*outlen < c->outlen) return 0;
|
||||
#ifdef MDH_BLAKE2_BACKEND_WOLFSSL
|
||||
if(wc_Blake2bFinal(&c->blake2, out, c->outlen) != 0)
|
||||
return 0;
|
||||
#else
|
||||
if(blake2b_final(&c->blake2, out, c->outlen) != 0)
|
||||
return 0;
|
||||
#endif
|
||||
*outlen = c->outlen;
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
void mdh_free(mdh_ctx *c)
|
||||
{
|
||||
if(!c) return;
|
||||
#ifdef MDH_MD_BACKEND_CAPI
|
||||
if(c->hHash) CryptDestroyHash(c->hHash);
|
||||
if(c->hProv) CryptReleaseContext(c->hProv, 0);
|
||||
#endif
|
||||
memset(c, 0, sizeof(*c));
|
||||
free(c);
|
||||
}
|
||||
|
||||
#endif /* _WIN32 */
|
||||
|
||||
16
src/mdhash.h
16
src/mdhash.h
@ -4,19 +4,23 @@
|
||||
|
||||
please read License Agreement
|
||||
|
||||
Internal MD4/MD5 hash abstraction.
|
||||
- Windows: CryptoAPI (CAPI) backed, no OpenSSL dependency for these hashes.
|
||||
- Other platforms: OpenSSL EVP backed (requires WITH_SSL).
|
||||
Internal MD4/MD5/BLAKE2 hash abstraction.
|
||||
- Windows (no wolfSSL): CryptoAPI (CAPI) for MD4/MD5; bundled BLAKE2.
|
||||
- wolfSSL: wolfCrypt for MD4/MD5 (OpenSSL compat) and BLAKE2 (native).
|
||||
- Other: bundled public-domain MD4/MD5 + bundled BLAKE2 reference.
|
||||
*/
|
||||
#ifndef _MDHASH_H
|
||||
#define _MDHASH_H
|
||||
|
||||
typedef enum { MDH_MD4, MDH_MD5 } mdh_alg;
|
||||
typedef enum { MDH_MD4, MDH_MD5, MDH_BLAKE2 } mdh_alg;
|
||||
|
||||
typedef struct mdh_ctx mdh_ctx;
|
||||
|
||||
/* Returns NULL on failure. */
|
||||
mdh_ctx *mdh_init(mdh_alg alg);
|
||||
/* alg selects the hash. outlen selects digest size:
|
||||
- MD4/MD5: outlen ignored (fixed 16 bytes).
|
||||
- BLAKE2: outlen is the requested digest length (1..64).
|
||||
Returns NULL on failure. */
|
||||
mdh_ctx *mdh_init(mdh_alg alg, unsigned int outlen);
|
||||
|
||||
/* Returns 1 on success, 0 on failure. */
|
||||
int mdh_update(mdh_ctx *c, const void *data, unsigned int len);
|
||||
|
||||
29
src/ssl.c
29
src/ssl.c
@ -6,11 +6,20 @@
|
||||
*/
|
||||
|
||||
#include "structures.h"
|
||||
#ifdef WITH_WOLFSSL
|
||||
#include <wolfssl/options.h>
|
||||
#include <wolfssl/openssl/crypto.h>
|
||||
#include <wolfssl/openssl/x509.h>
|
||||
#include <wolfssl/openssl/pem.h>
|
||||
#include <wolfssl/openssl/ssl.h>
|
||||
#include <wolfssl/openssl/err.h>
|
||||
#else
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/ssl.h>
|
||||
#include <openssl/err.h>
|
||||
#endif
|
||||
#include "proxy.h"
|
||||
#include "ssl.h"
|
||||
|
||||
@ -487,7 +496,7 @@ SSL_CTX * ssl_cli_ctx(SSL_CONFIG *config, X509 *server_cert, EVP_PKEY *server_ke
|
||||
int err = 0;
|
||||
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
#if !defined(WITH_WOLFSSL) && OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
ctx = SSL_CTX_new(SSLv23_server_method());
|
||||
#else
|
||||
ctx = SSL_CTX_new(TLS_server_method());
|
||||
@ -517,14 +526,17 @@ SSL_CTX * ssl_cli_ctx(SSL_CONFIG *config, X509 *server_cert, EVP_PKEY *server_ke
|
||||
if(config->server_min_proto_version)SSL_CTX_set_min_proto_version(ctx, config->server_min_proto_version);
|
||||
if(config->server_max_proto_version)SSL_CTX_set_max_proto_version(ctx, config->server_max_proto_version);
|
||||
if(config->server_cipher_list)SSL_CTX_set_cipher_list(ctx, config->server_cipher_list);
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10101000L
|
||||
#if !defined(WITH_WOLFSSL) && OPENSSL_VERSION_NUMBER >= 0x10101000L
|
||||
if(config->server_ciphersuites)SSL_CTX_set_ciphersuites(ctx, config->server_ciphersuites);
|
||||
#elif defined(WITH_WOLFSSL)
|
||||
/* wolfSSL has no separate TLS1.3 ciphersuites API; route to cipher list. */
|
||||
if(config->server_ciphersuites)wolfSSL_CTX_set_cipher_list(ctx, config->server_ciphersuites);
|
||||
#endif
|
||||
if(config->server_verify){
|
||||
if(config->server_ca_file || config->server_ca_dir){
|
||||
SSL_CTX_load_verify_locations(ctx, config->server_ca_file, config->server_ca_dir);
|
||||
}
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||
#if !defined(WITH_WOLFSSL) && OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||
else if(config->server_ca_store){
|
||||
SSL_CTX_load_verify_store(ctx, config->server_ca_store);
|
||||
}
|
||||
@ -655,7 +667,7 @@ static void* ssl_filter_open(void * idata, struct srvparam * srv){
|
||||
srv->so._poll = ssl_poll;
|
||||
}
|
||||
if(sc && (sc->mitm || sc->cli)){
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
#if !defined(WITH_WOLFSSL) && OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
sc->srv_ctx = SSL_CTX_new(SSLv23_client_method());
|
||||
#else
|
||||
sc->srv_ctx = SSL_CTX_new(TLS_client_method());
|
||||
@ -671,17 +683,20 @@ static void* ssl_filter_open(void * idata, struct srvparam * srv){
|
||||
if(sc->client_min_proto_version)SSL_CTX_set_min_proto_version(sc->srv_ctx, sc->client_min_proto_version);
|
||||
if(sc->client_max_proto_version)SSL_CTX_set_max_proto_version(sc->srv_ctx, sc->client_max_proto_version);
|
||||
if(sc->client_cipher_list)SSL_CTX_set_cipher_list(sc->srv_ctx, sc->client_cipher_list);
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10101000L
|
||||
#if !defined(WITH_WOLFSSL) && OPENSSL_VERSION_NUMBER >= 0x10101000L
|
||||
if(sc->client_ciphersuites)SSL_CTX_set_ciphersuites(sc->srv_ctx, sc->client_ciphersuites);
|
||||
#elif defined(WITH_WOLFSSL)
|
||||
/* wolfSSL has no separate TLS1.3 ciphersuites API; route to cipher list. */
|
||||
if(sc->client_ciphersuites)wolfSSL_CTX_set_cipher_list(sc->srv_ctx, sc->client_ciphersuites);
|
||||
#endif
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10200000L
|
||||
#if (defined(WITH_WOLFSSL) && defined(HAVE_ALPN) && LIBWOLFSSL_VERSION_HEX >= 0x03007000) || (!defined(WITH_WOLFSSL) && OPENSSL_VERSION_NUMBER >= 0x10200000L)
|
||||
if(sc->client_alpn_protos.protos_len)SSL_CTX_set_alpn_protos(sc->srv_ctx, sc->client_alpn_protos.protos, sc->client_alpn_protos.protos_len);
|
||||
#endif
|
||||
if(sc->client_verify){
|
||||
if(sc->client_ca_file || sc->client_ca_dir){
|
||||
SSL_CTX_load_verify_locations(sc->srv_ctx, sc->client_ca_file, sc->client_ca_dir);
|
||||
}
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||
#if !defined(WITH_WOLFSSL) && OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||
else if(sc->client_ca_store){
|
||||
SSL_CTX_load_verify_store(sc->srv_ctx, sc->client_ca_store);
|
||||
}
|
||||
|
||||
11
src/ssllib.c
11
src/ssllib.c
@ -14,12 +14,22 @@
|
||||
#include <sys/file.h>
|
||||
#endif
|
||||
|
||||
#ifdef WITH_WOLFSSL
|
||||
#include <wolfssl/options.h>
|
||||
#include <wolfssl/openssl/crypto.h>
|
||||
#include <wolfssl/openssl/x509.h>
|
||||
#include <wolfssl/openssl/x509v3.h>
|
||||
#include <wolfssl/openssl/pem.h>
|
||||
#include <wolfssl/openssl/ssl.h>
|
||||
#include <wolfssl/openssl/err.h>
|
||||
#else
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/x509v3.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/ssl.h>
|
||||
#include <openssl/err.h>
|
||||
#endif
|
||||
|
||||
#include "proxy.h"
|
||||
#include "ssl.h"
|
||||
@ -103,7 +113,6 @@ SSL_CERT ssl_copy_cert(SSL_CERT cert, SSL_CONFIG *config)
|
||||
X509 *dst_cert = NULL;
|
||||
|
||||
EVP_PKEY *pk = NULL;
|
||||
RSA *rsa = NULL;
|
||||
|
||||
unsigned char hash_sha256[32];
|
||||
char hash_name_sha256[(16*2) + 1];
|
||||
|
||||
Loading…
Reference in New Issue
Block a user